Cross Site Scripting (XSS) Vulnerability in Wekan v6.84 and Earlier

Cross Site Scripting (XSS) Vulnerability in Wekan v6.84 and Earlier

CVE-2023-31779 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.

Learn more about our User Device Pen Test.